SOC 2 Compliance and Audit Report

Why am I being asked about SOC 2 Compliance?

Companies want to avoid working with at-risk vendors. That’s why many service organizations are being asked for a SOC 2 audit report. A SOC 2 report helps to address third-party risk concerns by evaluating internal controls, policies, and procedures that directly relate to the security of a system at a service organization.

Connect with a SOC 2 Compliance Expert today to determine whether a SOC 2 is right for your organization, how long it takes to complete a SOC 2 audit, and how our Online Audit Manager can help jump start your way to SOC 2 Compliance.

SOC 2 Report

Demonstrate your SOC 2 compliance with your final report.

Security

Confidentiality

Availability

Processing Integrity

Privacy

What is a SOC 2 Report?

The SOC 2 Report was specifically designed as a way to evaluate service organizations and determine if they’re compliant with the principles of security, availability, processing integrity, confidentiality, and privacy. Also known as the Trust Services Principles, these principles address internal controls unrelated to a client’s financial reporting or ICFR.

There are two types of SOC 2 Reports:

SOC 2 Type 1 Report

In a SOC 2 Type 1 Report, your Independent Auditor will offer an opinion on the fairness of the presentation of the description of the Service Organization’s system, the suitability of the design of the controls, and whether or not the controls have been implemented as of a certain date.

SOC 2 Type 2 Report

In a SOC 2 Type 2 Report, your Independent Auditor describes the operating effectiveness of the controls over a period of time, along with the auditor’s tests of those controls and the results of the tests.

Which Trust Services Principles should I Select?

When selecting which Trust Services Principles are right for your SOC 2 report, first you must determine the scope of the engagement and which principles are applicable to your system. The following high-level definitions can help get you thinking about which principles apply to your organization:

Security – The system is protected against unauthorized physical and logical access.

Availability – The system is available for operation and use as agreed.

Confidentiality – Information designated as confidential is protected as agreed.

Privacy – Personal information is collected, used, retained, disclosed and destroyed in accordance with the commitments in the entity’s privacy notice and the principles set forth by the AICPA.

Our SOC 2 Compliance Experts can help lead you down the right path towards your SOC 2 compliance report.

Receiving Your SOC 2 Report

A SOC 2 report is a great way for service organizations to demonstrate their commitment to security and delivering high quality services to their clients. A SOC 2 report allows organizations to prioritize their risks, bringing added benefits to your organization and giving you a competitive advantage. SOC 2 compliance shows that you have matured your practices and are committed to gaining client trust by addressing any information security risk concerns.

What is the SOC 2 Audit Process?

Performing a gap assessment before the actual audit is a good way to determine where your organization currently stands against the SOC 2 principles. Our senior-level auditors will perform the assessment and provide advice on ways to remediate. KirkpatrickPrice’s Online Audit Manager will get the audit process going by serving as an online portal for uploading documentation, policies, and procedures for your auditor to review. Your SOC 2 compliance auditor will work with you through the process, providing remote guidance and helping to complete 80% of the audit before coming in for a quick onsite. Contact us to gain access to our Online Audit Manager and begin your journey towards SOC 2 compliance today.